Other Credentials Management Systems --> Cooperative ITS Credentials Management System:
authorization coordination
This triple is bi-directional. See also
Cooperative ITS Credentials Management System --> Other Credentials Management Systems: authorization coordination
Definitions
authorization coordination (Information Flow): Sharing of pseudonym certificate policies and end entity enrollments and revocations to support authorization of end entities that are enrolled with another trusted CCMS.
Other Credentials Management Systems (Source Physical Object): Representing another Cooperative ITS Credentials Management System (CCMS), 'Other Credentials Management Systems' is intended to provide a source and destination for information exchange between peer credentials management systems. It supports modeling of projects or regions that include multiple interconnected CCMS that manage credentials distribution and management in the connected vehicle environment.
Cooperative ITS Credentials Management System (Destination Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
Included In
This Triple is in the following Service Packages:
This triple is associated with the following Functional Objects:
This Triple is described by the following Functional View Data Flows:
This Triple has the following triple relationships:
None |
Communication Solutions
- (None-Security-Management) - Guaranteed Secure Internet (ITS) (32)
Selected Solution
Solution Description
ITS Application Entity
No Standard Needed |
Click gap icons for more info.
|
||
Mgmt
|
Facilities
Development needed |
Security
|
|
TransNet
|
|||
Access
Internet Subnet Alternatives |
Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.
Characteristics
Characteristic | Value |
---|---|
Time Context | Recent |
Spatial Context | National |
Acknowledgement | True |
Cardinality | Unicast |
Initiator | Destination |
Authenticable | True |
Encrypt | True |
Interoperability | Description |
---|---|
National | This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union). |
Security
Information Flow Security | ||||
---|---|---|---|---|
Confidentiality | Integrity | Availability | ||
Rating | High | High | High | |
Basis | Coordination of credentialing and revocation should be maintained between the trust authorities and no one else. Outside observers may learn CCMS behaviors and may gain understanding of the timings between revocation/granting at one authority vs. propogation to another, which may enable attacks. | Coordination of credentialing and revocation needs to be correct at all times, or trust/lack-of-trust may not be correctly propagated and end entities improperly served. Depending on the scale of the integrity/availability failure, this could affect a small or large amount of the C-ITS environment. | Coordination of credentialing and revocation needs to be correct at all times, or trust/lack-of-trust may not be correctly propagated and end entities improperly served. Depending on the scale of the integrity/availability failure, this could affect a small or large amount of the C-ITS environment. |
Security Characteristics | Value |
---|---|
Authenticable | True |
Encrypt | True |